Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2013-AVI-593
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris 11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris 9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-5526",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5526"
},
{
"name": "CVE-2010-4411",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4411"
},
{
"name": "CVE-2011-2728",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2728"
},
{
"name": "CVE-2010-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
},
{
"name": "CVE-2012-5195",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
},
{
"name": "CVE-2012-6329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6329"
},
{
"name": "CVE-2011-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
}
],
"initial_release_date": "2013-10-18T00:00:00",
"last_revision_date": "2013-10-18T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-593",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 17 octobre 2013",
"url": "http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html"
}
]
}
CVE-2010-4411 (GCVE-0-2010-4411)
Vulnerability from cvelistv5
Published
2010-12-06 20:00
Modified
2024-08-07 03:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "43165",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43165"
},
{
"name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/01/3"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bugzilla.org/security/3.2.9/"
},
{
"name": "MDVSA-2011:008",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:008"
},
{
"name": "FEDORA-2011-0741",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html"
},
{
"name": "SUSE-SR:2011:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "ADV-2011-0271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0271"
},
{
"name": "43033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43033"
},
{
"name": "ADV-2011-0207",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0207"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "FEDORA-2011-0755",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html"
},
{
"name": "ADV-2011-0106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-06T20:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "43165",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43165"
},
{
"name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/01/3"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bugzilla.org/security/3.2.9/"
},
{
"name": "MDVSA-2011:008",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:008"
},
{
"name": "FEDORA-2011-0741",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html"
},
{
"name": "SUSE-SR:2011:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "ADV-2011-0271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0271"
},
{
"name": "43033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43033"
},
{
"name": "ADV-2011-0207",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0207"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "FEDORA-2011-0755",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html"
},
{
"name": "ADV-2011-0106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "43165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43165"
},
{
"name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/01/3"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165"
},
{
"name": "http://www.bugzilla.org/security/3.2.9/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.9/"
},
{
"name": "MDVSA-2011:008",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:008"
},
{
"name": "FEDORA-2011-0741",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "ADV-2011-0271",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0271"
},
{
"name": "43033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43033"
},
{
"name": "ADV-2011-0207",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0207"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "FEDORA-2011-0755",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html"
},
{
"name": "ADV-2011-0106",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4411",
"datePublished": "2010-12-06T20:00:00",
"dateReserved": "2010-12-06T00:00:00",
"dateUpdated": "2024-08-07T03:43:14.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3597 (GCVE-0-2011-3597)
Vulnerability from cvelistv5
Published
2012-01-13 18:00
Modified
2024-08-06 23:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2011:1797",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743010"
},
{
"name": "MDVSA-2012:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "oval:org.mitre.oval:def:19446",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446"
},
{
"name": "MDVSA-2012:008",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008"
},
{
"name": "RHSA-2011:1424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "46279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46279"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes"
},
{
"name": "49911",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2011:1797",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743010"
},
{
"name": "MDVSA-2012:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "oval:org.mitre.oval:def:19446",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446"
},
{
"name": "MDVSA-2012:008",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008"
},
{
"name": "RHSA-2011:1424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "46279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46279"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes"
},
{
"name": "49911",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49911"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3597",
"datePublished": "2012-01-13T18:00:00",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6329 (GCVE-0-2012-6329)
Vulnerability from cvelistv5
Published
2013-01-04 21:00
Modified
2024-08-06 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "MDVSA-2013:113",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod"
},
{
"name": "[perl5-porters] 20121205 Re: security notice: Locale::Maketext",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://code.activestate.com/lists/perl5-porters/187763/"
},
{
"name": "[oss-security] 20121211 Re: CVE request: perl-modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/12/11/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032"
},
{
"name": "USN-2099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2099-1"
},
{
"name": "[perl5-porters] 20121205 security notice: Locale::Maketext",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://code.activestate.com/lists/perl5-porters/187746/"
},
{
"name": "RHSA-2013:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
},
{
"name": "56950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56950"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "MDVSA-2013:113",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod"
},
{
"name": "[perl5-porters] 20121205 Re: security notice: Locale::Maketext",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://code.activestate.com/lists/perl5-porters/187763/"
},
{
"name": "[oss-security] 20121211 Re: CVE request: perl-modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/12/11/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032"
},
{
"name": "USN-2099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2099-1"
},
{
"name": "[perl5-porters] 20121205 security notice: Locale::Maketext",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://code.activestate.com/lists/perl5-porters/187746/"
},
{
"name": "RHSA-2013:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
},
{
"name": "56950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56950"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "MDVSA-2013:113",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113"
},
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"name": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8",
"refsource": "CONFIRM",
"url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8"
},
{
"name": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod",
"refsource": "CONFIRM",
"url": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod"
},
{
"name": "[perl5-porters] 20121205 Re: security notice: Locale::Maketext",
"refsource": "MLIST",
"url": "http://code.activestate.com/lists/perl5-porters/187763/"
},
{
"name": "[oss-security] 20121211 Re: CVE request: perl-modules",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/12/11/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=884354",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032"
},
{
"name": "USN-2099-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2099-1"
},
{
"name": "[perl5-porters] 20121205 security notice: Locale::Maketext",
"refsource": "MLIST",
"url": "http://code.activestate.com/lists/perl5-porters/187746/"
},
{
"name": "RHSA-2013:0685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
},
{
"name": "56950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56950"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6329",
"datePublished": "2013-01-04T21:00:00",
"dateReserved": "2012-12-10T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2761 (GCVE-0-2010-2761)
Vulnerability from cvelistv5
Published
2010-12-06 20:00
Modified
2024-08-07 02:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:47.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm"
},
{
"name": "RHSA-2011:1797",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html"
},
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "FEDORA-2011-0653",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/01/2"
},
{
"name": "69588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69588"
},
{
"name": "43165",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43165"
},
{
"name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/01/3"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bugzilla.org/security/3.2.9/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=600464"
},
{
"name": "FEDORA-2011-0741",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html"
},
{
"name": "SUSE-SR:2011:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "ADV-2011-0271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0271"
},
{
"name": "43033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43033"
},
{
"name": "ADV-2011-0207",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0207"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42877"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1"
},
{
"name": "ADV-2011-0249",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0249"
},
{
"name": "FEDORA-2011-0755",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html"
},
{
"name": "MDVSA-2010:250",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:250"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html"
},
{
"name": "MDVSA-2010:237",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:237"
},
{
"name": "69589",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69589"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "[oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/01/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes"
},
{
"name": "FEDORA-2011-0631",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "43147",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43147"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm"
},
{
"name": "RHSA-2011:1797",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html"
},
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "FEDORA-2011-0653",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/01/2"
},
{
"name": "69588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69588"
},
{
"name": "43165",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43165"
},
{
"name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/01/3"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bugzilla.org/security/3.2.9/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=600464"
},
{
"name": "FEDORA-2011-0741",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html"
},
{
"name": "SUSE-SR:2011:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "ADV-2011-0271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0271"
},
{
"name": "43033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43033"
},
{
"name": "ADV-2011-0207",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0207"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42877"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1"
},
{
"name": "ADV-2011-0249",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0249"
},
{
"name": "FEDORA-2011-0755",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html"
},
{
"name": "MDVSA-2010:250",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:250"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html"
},
{
"name": "MDVSA-2010:237",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:237"
},
{
"name": "69589",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69589"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "[oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/01/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes"
},
{
"name": "FEDORA-2011-0631",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "43147",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43147"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm",
"refsource": "CONFIRM",
"url": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm"
},
{
"name": "RHSA-2011:1797",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html"
},
{
"name": "SUSE-SR:2011:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "FEDORA-2011-0653",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/01/2"
},
{
"name": "69588",
"refsource": "OSVDB",
"url": "http://osvdb.org/69588"
},
{
"name": "43165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43165"
},
{
"name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/01/3"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165"
},
{
"name": "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380",
"refsource": "CONFIRM",
"url": "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380"
},
{
"name": "http://www.bugzilla.org/security/3.2.9/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.9/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=600464",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=600464"
},
{
"name": "FEDORA-2011-0741",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "ADV-2011-0271",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0271"
},
{
"name": "43033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43033"
},
{
"name": "ADV-2011-0207",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0207"
},
{
"name": "42877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42877"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1",
"refsource": "CONFIRM",
"url": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1"
},
{
"name": "ADV-2011-0249",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0249"
},
{
"name": "FEDORA-2011-0755",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html"
},
{
"name": "MDVSA-2010:250",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:250"
},
{
"name": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html",
"refsource": "CONFIRM",
"url": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html"
},
{
"name": "MDVSA-2010:237",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:237"
},
{
"name": "69589",
"refsource": "OSVDB",
"url": "http://osvdb.org/69589"
},
{
"name": "ADV-2011-0076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "[oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/01/1"
},
{
"name": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes"
},
{
"name": "FEDORA-2011-0631",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "43147",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43147"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2761",
"datePublished": "2010-12-06T20:00:00",
"dateReserved": "2010-07-14T00:00:00",
"dateUpdated": "2024-08-07T02:46:47.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2728 (GCVE-0-2011-2728)
Vulnerability from cvelistv5
Published
2012-12-21 02:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1"
},
{
"name": "FEDORA-2011-15484",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html"
},
{
"name": "49858",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49858"
},
{
"name": "46172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=742987"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-21T02:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1"
},
{
"name": "FEDORA-2011-15484",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html"
},
{
"name": "49858",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49858"
},
{
"name": "46172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=742987"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2728",
"datePublished": "2012-12-21T02:00:00Z",
"dateReserved": "2011-07-11T00:00:00Z",
"dateUpdated": "2024-08-06T23:08:23.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5195 (GCVE-0-2012-5195)
Vulnerability from cvelistv5
Published
2012-12-18 00:00
Modified
2024-08-06 20:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:58:03.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "MDVSA-2013:113",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113"
},
{
"name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "DSA-2586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2586"
},
{
"name": "[oss-security] 20121026 Medium severity flaw with Perl 5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/26/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44"
},
{
"name": "56287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56287"
},
{
"name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/27/1"
},
{
"name": "RHSA-2013:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the \u0027x\u0027 string repeat operator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "MDVSA-2013:113",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113"
},
{
"name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "DSA-2586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2586"
},
{
"name": "[oss-security] 20121026 Medium severity flaw with Perl 5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/26/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44"
},
{
"name": "56287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56287"
},
{
"name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/27/1"
},
{
"name": "RHSA-2013:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the \u0027x\u0027 string repeat operator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "MDVSA-2013:113",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113"
},
{
"name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195",
"refsource": "MLIST",
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352"
},
{
"name": "55314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55314"
},
{
"name": "USN-1643-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "DSA-2586",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2586"
},
{
"name": "[oss-security] 20121026 Medium severity flaw with Perl 5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/26/2"
},
{
"name": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44",
"refsource": "CONFIRM",
"url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44"
},
{
"name": "56287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56287"
},
{
"name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/27/1"
},
{
"name": "RHSA-2013:0685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "51457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51457"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5195",
"datePublished": "2012-12-18T00:00:00",
"dateReserved": "2012-09-28T00:00:00",
"dateUpdated": "2024-08-06T20:58:03.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5526 (GCVE-0-2012-5526)
Vulnerability from cvelistv5
Published
2012-11-21 23:00
Modified
2024-08-06 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "perl-cgipm-header-injection(80098)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80098"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "56562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "1027780",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027780"
},
{
"name": "DSA-2586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2586"
},
{
"name": "RHSA-2013:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/markstos/CGI.pm/pull/23"
},
{
"name": "[oss-security] 20121115 Re: CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/15/6"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "perl-cgipm-header-injection(80098)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80098"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "56562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "1027780",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027780"
},
{
"name": "DSA-2586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2586"
},
{
"name": "RHSA-2013:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/markstos/CGI.pm/pull/23"
},
{
"name": "[oss-security] 20121115 Re: CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/15/6"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5526",
"datePublished": "2012-11-21T23:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…